I tried telnet once or twice when trying to get in, without success. I suspect that the factory defaults in nvram/uboot-env are looser than usual for qualification tests or something, then are set back to zero on first boot. I recall similar things being mentioned on the Redmi AC2100.
I would have assumed they would move the firstboot script earlier on so it wouldn't run after the service init scripts, but I guess not?
Highly recommend you take this chance to telnet in and `nvram set telnet_en=1`, `nvram set uart_en=1`, `nvram set ssh_en=1` (well, you'd still have to modify the init script to ignore the fact that you're running release channel firmware, but the contents of mine would reset on each boot so I think you'd have to put it in the overlay somehow), `nvram set boot_wait=on`, `nvram commit` etc. before you lose access. (Worst case scenario you would have serial access to u-boot with these all on.)
Yeah, I slightly modified the Python implementation that was floating around because it had some weird dependency and expected a file, even though punching in the serial from the sticker/web UI was fine. I'll paste it below for reference, since many would prefer a Python implementation.
```python
#!/usr/bin/env python3
import sys
import hashlib

if sys.version_info < (3, 7):
    print("python version is not supported", file=sys.stderr)
    sys.exit(1)

# credit goes to zhoujiazhao:
# https://blog.csdn.net/zhoujiazhao/article/details/102578244

# Fixed salts that get appended to the serial number before hashing.
salt = {'r1d': 'A2E371B0-B34B-48A5-8C40-A7133F3B5D88',
        'others': 'd44fb0960aa0-a5e6-4a30-250f-6d2df50a'}


def get_salt(sn):
    # Serial numbers without a "/" use the r1d salt as-is.
    if "/" not in sn:
        return salt["r1d"]
    # All other serials use the "others" salt with its dash-separated groups reversed.
    return "-".join(reversed(salt["others"].split("-")))


def calc_passwd(sn):
    # Password is the first 8 hex characters of MD5(serial + salt).
    passwd = sn + get_salt(sn)
    m = hashlib.md5(passwd.encode())
    return m.hexdigest()[:8]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <S/N>")
        sys.exit(1)
    serial = sys.argv[1]
    print(calc_passwd(serial))
```